[tor-bugs] #32901 [Internal Services/Tor Sysadmin Team]: puppetize Nagios

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jan 29 23:34:32 UTC 2020


#32901: puppetize Nagios
-------------------------------------------------+-------------------------
 Reporter:  anarcat                              |          Owner:  anarcat
     Type:  project                              |         Status:
                                                 |  assigned
 Priority:  Low                                  |      Milestone:
Component:  Internal Services/Tor Sysadmin Team  |        Version:
 Severity:  Major                                |     Resolution:
 Keywords:  tpa-roadmap-february                 |  Actual Points:
Parent ID:  #31239                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Old description:

> one part of our install process is to configure Nagios, by hand, in the
> git repository. I usually do this by copy-pasting some similar blob of
> config from a possibly similar machine and hope for the best.
>
> this is a manual step, and as part of the automation of the install
> process, it should be made automatic.
>
> one way this could (and probably should) be done is by making Puppet
> automatically add its nodes into Nagios. this can be done using the
> [https://github.com/Icinga/puppet-icinga2 icinga2 module], for example.
> care should be taken to do a smooth transition, keeping existing
> configurations and just adding the Puppet ones on top, for new machines.
>
> but this could (eventually) be retroactively added to all nodes, removing
> all manual configuration.

New description:

 one part of our install process is to configure Nagios, by hand, in the
 git repository. I usually do this by copy-pasting some similar blob of
 config from a possibly similar machine and hope for the best.

 this is a manual step, and as part of the automation of the install
 process, it should be made automatic.

 one way this could (and probably should) be done is by making Puppet
 automatically add its nodes into Nagios. this can be done using the
 [https://github.com/Icinga/puppet-icinga2 icinga2 module], for example.
 care should be taken to do a smooth transition, keeping existing
 configurations and just adding the Puppet ones on top, for new machines.

 but this could (eventually) be retroactively added to all nodes, removing
 all manual configuration.

 checklist:

 * [ ] audit and import the module in our monorepo
 * [ ] enable on the nagios server, without writing any config (hopefully a
 noop)
 * [ ] enable a single config from puppet, as a test
 * [ ] add a new host check configuration
 * [ ] add a new service check configuration
 * [ ] add all *base* service checks for the new host
 * [ ] convert legacy config into puppet (at this stage we only have the
 old hosts as legacy config)
 * [ ] convert old hosts into puppet
 * [ ] convert old *services* into puppet

 It's a long way there, but getting to the state where *new* hosts are
 covered would already be a great improvement.

--

Comment (by anarcat):

 apparently, the icinga module in puppet *can* be installed without
 destroying existing configs, so this *should* work. i update the summary
 to add a checklist reflecting that.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32901#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list